Hey All, I'm having trouble figuring out why I cannot put apostrophes in my input form. This is a user input area and it won't take words like don't, won't, etc. Here is the input form:
<?php
if (!isset($_SESSION['valid_ad_user']))
{
    echo "<h2>Sorry, you do not have permission to post ads</h2>\n";
    echo "<a href=\"index.php?content=login\">Please login to post ads</a>\n";
} else
{
    $userid = $_SESSION['valid_ad_user'];
    echo "<form action=\"index.php\" method=\"post\">\n";
    echo "<h2>Enter your new ad</h2><br>\n";
    echo "<h2><i>Please identify if your ad is for \"county\" or \"personal\" use</i></h2><br>\n";
    echo "<h3>Title:</h3>\n";
    echo "<select name=\"title\">\n";
    $query="SELECT catid,name from categories";
    $result=mysql_query($query);
    while($row=mysql_fetch_array($result,MYSQL_ASSOC))
    {
        $catid = $row['catid'];
        $name = $row['name'];
        echo "<option value=\"$name\">$name</option>\n";
    }
    echo "</select>\n";
    echo "<br>Short Description:<br><textarea rows=\"5\" cols=\"50\" name=\"shortdesc\"></textarea><br>\n";
    echo "<h3>Long Description: </h3>\n";
    echo "<textarea rows=\"10\" cols=\"50\" name=\"longdesc\"></textarea><br>\n";
    echo "<h3>Contact Information:</h3>\n";
    echo "<textarea rows=\"10\" cols=\"50\" name=\"contact\"></textarea><br>\n";
    echo "<input type=\"submit\" value=\"Submit\">\n";
    echo "<input type=\"hidden\" name=\"poster\" value=\"$userid\"><br>\n";
    echo "<input type=\"hidden\" name=\"content\" value=\"addad\">\n";
    echo "</form>\n";
}
?>
Which then sends to this form....
<?php
$title = $_POST['title'];
$poster = $_POST['poster'];
$shortdesc = htmlspecialchars($_POST['shortdesc']);
$longdesc = htmlspecialchars($_POST['longdesc']);
$contact = htmlspecialchars($_POST['contact']);
if (trim($poster) == '')
{
    echo "<h2>Sorry, each ad must have a poster</h2>\n";
}else
{
    $con = mysql_connect("localhost", "test", "test") or die('Could not connect to server');
    mysql_select_db("classifieds", $con) or die('Could not connect to database');
    $query = "INSERT INTO ads (title, poster, shortdesc, longdesc, contact) " .
             " VALUES ('$title', '$poster', '$shortdesc', '$longdesc', '$contact')";
    $result = mysql_query($query) or die('Sorry, we could not post your ad to the database at this time');
    if ($result)
        echo "<h2>Ad posted</h2>\n";
    else
        echo "<h2>Sorry, there was a problem posting your ad</h2>\n";
}
?>
The htmlspecialchars should allow the ' to be added, but not sure why it's not. I'm getting a "Sorry, we could not post your ad to the database at this time". Any help would be greatly appreciated.
Thanks
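
The failure described in the post, as an added example that is not part of the original post: an apostrophe ends the SQL string literal early in a concatenated INSERT, while a bound parameter stores it intact. It assumes PDO with the pdo_sqlite extension and an in-memory table standing in for the MySQL `ads` table; the sample values and `$poster` are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL `ads` table so the
// script runs offline. Assumes the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (title TEXT, poster TEXT, shortdesc TEXT, longdesc TEXT, contact TEXT)');

// Constructed sample submission containing apostrophes.
$post = [
    'title'     => 'personal',
    'shortdesc' => "Don't miss this",
    'longdesc'  => "Won't last long",
    'contact'   => "Ask for O'Brien",
];
// Assumption: the poster is read from $_SESSION['valid_ad_user'] on the server,
// because a hidden form field can be changed by whoever submits the form.
$poster = 'user1';

// 1) Query built by string concatenation, as in the post. ENT_COMPAT (the
//    default before PHP 8.1) encodes " but leaves ' untouched, so the
//    apostrophe closes the SQL string literal and the statement fails to parse.
$shortdesc = htmlspecialchars($post['shortdesc'], ENT_COMPAT);
$sql = "INSERT INTO ads (title, poster, shortdesc) " .
       "VALUES ('{$post['title']}', '$poster', '$shortdesc')";
try {
    $db->exec($sql);
    echo "concatenated query: inserted\n";
} catch (PDOException $e) {
    echo "concatenated query: rejected by the database\n";
}

// 2) Prepared statement: values travel separately from the SQL text, so
//    quotes in user input cannot change the statement.
$stmt = $db->prepare(
    'INSERT INTO ads (title, poster, shortdesc, longdesc, contact) VALUES (?, ?, ?, ?, ?)'
);
$stmt->execute([$post['title'], $poster, $post['shortdesc'], $post['longdesc'], $post['contact']]);
echo "prepared statement: inserted ", $stmt->rowCount(), " row\n";

// 3) Store the raw text and HTML-encode only when writing it into a page.
//    ENT_QUOTES encodes both ' and ".
foreach ($db->query('SELECT shortdesc, contact FROM ads') as $row) {
    echo htmlspecialchars($row['shortdesc'], ENT_QUOTES, 'UTF-8'), " / ",
         htmlspecialchars($row['contact'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With MySQL the same pattern applies through PDO's mysql driver or mysqli prepared statements; the `mysql_*` functions used in the post were removed in PHP 7.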